package util.web;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.onjob.security.GroupsDao;
import com.onjob.security.GroupsDaoImpl;
import com.onjob.security.Users;
public class CheckFilter implements Filter {
   
    private GroupsDao groupdo = new GroupsDaoImpl();
	public void destroy() {
		// TODO Auto-generated method stub
	}
	@Override
	public void doFilter(ServletRequest request1, ServletResponse response1,
			FilterChain chain) throws IOException, ServletException {
		
		
		HttpServletResponse response = (HttpServletResponse) response1;
		HttpServletRequest request = (HttpServletRequest)request1;
		String url = request.getServletPath();
		
		System.out.println("url-------"+url);
		if(url.endsWith("login.action")||url.endsWith("logindo.action")||url.endsWith("register.action")||url.endsWith("regiseter.action")){
			System.err.println("可以通过");
			chain.doFilter(request1, response1);
		}
		else{
			if(request.getSession().getAttribute("user")!=null){
				System.out.println("url-------"+url);
				Users user = (Users)request.getSession().getAttribute("user");
				if(!groupdo.isCanDo(user, url)){
					request.getSession().setAttribute("message", "您的账号权限限制，不能进行此操作，请您先登录");
					response.sendRedirect("/onjob/login.action");
				}
				else{
					chain.doFilter(request1, response1);
				}
			}
			else{
				request.getSession().setAttribute("message", "您现在没有权限，不能进行此操作，请您先登录");
				response.sendRedirect("/onjob/login.action");
			}
		}    
	}
	@Override
	public void init(FilterConfig arg0) throws ServletException {
		// TODO Auto-generated method stub
	}

}
